Thought Leadership
The British government has fleshed out its anti-ransomware strategy. On Tuesday, the Home Office published plans for three key measures: a payment ban for public institutions and critical infrastructure, mandatory reporting before ransom payments are made and a general obligation to report ransomware attacks.
The planned payment ban for government agencies and operators of critical infrastructure is intended to reduce the incentives for cyber criminals to carry out targeted attacks. The background to this are spectacular ransomware attacks that led to empty supermarket shelves and even caused the death of a hospital patient in London.
Triple strategy against ransomware
The payment ban for government agencies and operators of critical infrastructure is intended to remove the incentives for cyber criminals to carry out targeted attacks. In addition, those affected must inform the government before making any ransom payments – this is intended to prevent funds from flowing to sanctioned actors. The general reporting obligation gives authorities better insight into the true extent of the threat.
Despite limited resources, successes have already been achieved: last year, the NCA broke up the LockBit ransomware group, which was responsible for 25% of all attacks worldwide. However, corresponding legislation is not expected until the next parliamentary session.
